Common Information
Type | Value |
---|---|
Value | Keychain - T1634.001 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may collect keychain data from an iOS device to acquire credentials. Keychains are the built-in way for iOS to keep track of users' passwords and credentials for many services and features such as Wi-Fi passwords, websites, secure notes, certificates, private keys, and VPN credentials. On the device, the keychain database is stored outside of application sandboxes to prevent unauthorized access to the raw data. Standard iOS APIs allow applications access to their own keychain contained within the database. By utilizing a privilege escalation exploit or existing root access, adversaries can access the entire encrypted database.(Citation: Apple Keychain Services)(Citation: Elcomsoft Decrypt Keychain) |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2022-01-25 | 55 | Watering hole deploys new macOS malware, DazzleSpy, in Asia | WeLiveSecurity | ||
Details | Website | 2022-01-25 | 8 | Analyzing OSX.DazzleSpy | ||
Details | Website | 2022-01-21 | 63 | Deep Analysis Agent Tesla Malware | ||
Details | Website | 2022-01-01 | 55 | The Mac Malware of 2021 | ||
Details | Website | 2022-01-01 | 30 | Threat Report | ||
Details | Website | 2022-01-01 | 5 | Empire/keychaindump_decrypt.py at 08cbd274bef78243d7a8ed6443b8364acd1fc48b · EmpireProject/Empire | ||
Details | Website | 2022-01-01 | 14 | GitHub - 00xkhaled/Bella: Bella is a pure python post-exploitation data mining tool & remote administration tool for macOS. | ||
Details | Website | 2022-01-01 | 0 | New Realst Info-stealer Targets MacOS, Empties Crypto Wallets | Cyware Hacker News | ||
Details | Website | 2022-01-01 | 0 | Apple Platform Security | ||
Details | Website | 2021-10-01 | 23 | Made In America: Green Lambert for OS X | ||
Details | Website | 2021-09-30 | 56 | Mac Users Targeted by Trojanized iTerm2 App | ||
Details | Website | 2021-09-14 | 31 | Made in China: OSX.ZuRu | ||
Details | Website | 2021-07-10 | 0 | Top 6 iPhone hacking tools for mobile penetration testers | Infosec Resources | ||
Details | Website | 2021-05-22 | 6 | macOS MS Office Sandbox Brain Dump | ||
Details | Website | 2021-04-04 | 60 | AgentTesla Malware | ||
Details | Website | 2021-03-10 | 2 | Creating Shield | ||
Details | Website | 2021-02-09 | 1188 | GitHub - qazbnm456/awesome-cve-poc: A curated list of CVE PoCs. | ||
Details | Website | 2020-12-01 | 14 | An iOS zero-click radio proximity exploit odyssey | ||
Details | Website | 2020-10-30 | 6 | Stealing macOS apps' Keychain entries | ||
Details | Website | 2020-10-13 | 5 | IOS Application Security Part 6 - New Security Features in IOS 7 | Infosec Resources | ||
Details | Website | 2020-10-07 | 6 | iOS VPN support: 3 different bugs | ||
Details | Website | 2020-10-06 | 8 | Apple Mobile Devices Cheat Sheet | ||
Details | Website | 2020-09-30 | 0 | How YubiKeys are made: Security at scale | ||
Details | Website | 2020-08-18 | 0 | Breaking LUKS Encryption | ||
Details | Website | 2020-08-08 | 5 | Analysis of A Lokibot InfoStealer |